Drive-By: Skybox Security - Nice-to-have or Must-have?

Just a reminder that a drive-by is meant to evaluate a vendor's web site from the perspective of a new end user visiting the site for the first time. Obviously I'm a bit more sophisticated than some users, so I can infer certain things. But I have not spoken to this company recently, so I'm in the same boat as you.

The subject of today's drive-by is Skybox Security. They recently announced an OEM deal with Verisign that got me interested in checking them out.

5-second view: Skybox does "Security Risk Management" helping companies to visualize their risks and model their networks. Most of the home page does not add value. So they've won some awards. Great. What I want is to understand by glancing at a page in 5 seconds is: What problem do they solve? I also need to get a feel for how they do it? Ultimately, why should I care? Unfortunately Skybox comes up short here. It's not clear to me what problem is being solved, so I likely move on to the next site.

But since this is a drive-by, I'll look deeper. Let's hit the products section and figure out a bit about what they do. They actually have a tab in this section that says "Positioning." Perfect. I'm not sure an end user is going to understand what that means, but for me it's great. Skybox is positioning as a complimentary piece of technology to help add value to the other segments in the security space, like vulnerability management and intrusion detection. So, that's good. Customers don't like it when a vendor comes forward with a "rip and replace" strategy.

But there is a downside to that kind of positioning. Complimentary technology can be perceived as a nice-to-have, as opposed to a must-have. We all know that when it comes down to it, customers buy things they must-have and they defer stuff that is nice-to-have. So hopefully I'll have an ah-ha moment as I'm tooling around this site. Then I'll get why I need this thing today, as opposed to tracking it as something that maybe would be cool somewhere down the line.

They seem to have two products, the first called "Skybox View." Here is a blurb:

"Skybox View provides a critical missing piece. The ability to continuously analyze and model your entire network infrastructure in the context of your security and connectivity needs. Information overload is transformed into actionable tasks that will drive operational efficiency."

That actually seems pretty compelling. Why? Any way to prioritize what an end user has to do is huge. So much time is wasted because you do things that don't matter. Having a way to figure out what to do based upon where my greatest vulnerabilities are makes a ton of sense. I'm getting pumped. This could be cool.

Additionally, they position as a "proactive" solution - so they help before things go south and an outbreak occurs. Again, the concern is that most folks don't have the time (or the strategic bones) to understand why be proactive is a good thing. Again, this is more of a vitamin, as opposed to a prescription drug. When selling complicated security product, you always want to be a prescription drug. My excitement is waning.

OK, now I get it. Digging a little deeper, I find that Skybox View is actually a suite of applications. That's not clear, which is a problem. Skybox View consists of two main applications: Skybox Secure and Skybox Access.

Skybox Secure is their simulation engine. So first they map the entire network, then they can run simulations to figure out which attacks are most likely to be successful. Hmmm. Does this help me prioritize my efforts? That's what the marketing literature would lead you to believe. The idea of getting a stack ranked list of vulnerabilities with an idea of the risk they present is pretty interesting.

It's not clear what Skybox Assure is. Here is a description: "...unique access simulation within a virtual staging environment. This process allows organizations to evaluate the effectiveness and compliance of security controls within defined policies." What is a virtual staging environment? They just lost me. Maybe it provides the ability to model certain policies and figure out which ones would eliminate the most risk. Or to evaluate the impact of certain changes. I don't know, but what was a clean message became very confusing very quickly.

Overall, the idea of being able to prioritize my activities to maximize effectiveness is very interesting. So I'd want to learn more about these folks. It's not clear through my initial 5 minutes on the site what I'll need to do, how I deploy it, or how sophisticated I need to be to make this thing work, but they've done a good enough job to pique my interest.

The concern I have is that not many companies have the luxury of being able to simulate anything. They can barely put out the 4-alarm fires that happen to show up every day. So this is still probably a nice-to-have, but if I've got the budget and the sophistication - I think this kind of application can provide some value. If I'm a user, I probably take a 30 minute call to figure it out.

Lastly, Skybox just announced a bundling deal with Verisign, so the Skybox capabilities are now available as a managed offering by Verisign. This is a great deployment model for this kind of technology. Having experts from the service provider, who presumably know the application well, generate some cool reports to show where I'm vulnerable and what I'm supposed to be doing would be great. Not sure how much extra I'd pay for it, but all other things being equal it could definitely swing me to a provider that offers this capability.

Let me know what you think of the drive-by concept. I check out new sites all the time. If it's interesting to ride shotgun with me, let me know and I'll do more.